我正在设置 Ubuntu Server 20.04 系统作为 LAN 和 WAN 之间的网关。我无法正确配置 DNS。
我的 2 个接口有 2 个 netplan 配置文件。
内部以太网接口(LAN)
root@gate:~# cat /etc/netplan/01-eth_int.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
enp4s0:
addresses: ['10.0.10.1/24']
match:
macaddress: 00:60:e0:76:9e:e7
set-name: eth_int
version: 2
外部以太网接口(WAN)
root@gate:~# cat /etc/netplan/02-eth_ext.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
enp5s0:
addresses: ['10.200.56.254/24']
gateway4: 10.200.56.1
nameservers:
addresses: [195.78.215.228, 195.78.223.228]
addresses: [8.8.8.8, 8.8.4.4]
match:
macaddress: 00:60:e0:76:9e:e8
set-name: eth_ext
version: 2
重启后,接口将根据 netplan 配置文件进行配置。但 /etc/resolv.conf 配置错误
root@gate:~# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
进行的测试/检查:
- /etc/resolv.conf 是 ../run/systemd/resolve/stub-resolv.conf 的符号链接
- systemd-resolve --status 返回 eth_ext 接口的正确 DNS,但没有全局 DNS(可能是一个问题?)
root@gate:~# systemd-resolve --status
Global
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 5 (eth_ext)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 195.78.215.228
195.78.223.228
8.8.8.8
8.8.4.4
Link 4 (enp0s31f6)
Current Scopes: none
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 3 (eth_int)
Current Scopes: none
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (enp3s0)
Current Scopes: none
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
- 编辑了 /etc/systemd/resolved.conf,设置并取消注释 DNS 条目。运行 systemd-resolve --status 时会出现一个全局 DNS 条目,但 /etc/resolv.conf 不会改变
显然,这种不匹配将导致 DNS 无法正常工作
root@gate:~# ping google.com
ping: google.com: Temporary failure in name resolution
root@gate:~# nslookup heise.de 127.0.0.53
;; connection timed out; no servers could be reached
我该如何解决这个问题?
答案1
您提到过,您的/etc/resolv.conf符号链接是/run/systemd/resolve/stub-resolv.conf
要解决此问题,请执行以下操作:
- 取消链接:
$ sudo unlink /etc/resolv.conf $ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.confsudo systemctl restart systemd-resolved.service
以下信息来自man systemd-resolved:
/ETC/RESOLV.CONF
Four modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:
• systemd-resolved maintains the /run/systemd/resolve/stub-resolv.conf file for compatibility with
traditional Linux programs. This file may be symlinked from /etc/resolv.conf. This file lists the
127.0.0.53 DNS stub (see above) as the only DNS server. It also contains a list of search domains that are
in use by systemd-resolved. The list of search domains is always kept up-to-date. Note that
/run/systemd/resolve/stub-resolv.conf should not be used directly by applications, but only through a
symlink from /etc/resolv.conf. This file may be symlinked from /etc/resolv.conf in order to connect all
local clients that bypass local DNS APIs to systemd-resolved with correct search domains settings. This
mode of operation is recommended.
• A static file /usr/lib/systemd/resolv.conf is provided that lists the 127.0.0.53 DNS stub (see above) as
only DNS server. This file may be symlinked from /etc/resolv.conf in order to connect all local clients
that bypass local DNS APIs to systemd-resolved. This file does not contain any search domains.
• systemd-resolved maintains the /run/systemd/resolve/resolv.conf file for compatibility with traditional
Linux programs. This file may be symlinked from /etc/resolv.conf and is always kept up-to-date, containing
information about all known DNS servers. Note the file format's limitations: it does not know a concept of
per-interface DNS servers and hence only contains system-wide DNS server definitions. Note that
/run/systemd/resolve/resolv.conf should not be used directly by applications, but only through a symlink
from /etc/resolv.conf. If this mode of operation is used local clients that bypass any local DNS API will
also bypass systemd-resolved and will talk directly to the known DNS servers.
• Alternatively, /etc/resolv.conf may be managed by other packages, in which case systemd-resolved will read
it for DNS configuration data. In this mode of operation systemd-resolved is consumer rather than provider
of this configuration file.
Note that the selected mode of operation for this file is detected fully automatically, depending on whether
/etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or lists 127.0.0.53 as DNS server.
答案2
我注意到您没有在您的局域网上指定 dhcp4: false 并且没有分配名称服务器 - 这可能是您的问题?
我最近刚刚将我的 ubuntu 机器设置为路由器,经过一番努力后,我放弃了命名接口,而是将它们作为 yaml 文件中的 eno1 / enp1s0(顺便说一句,我将它们的描述合并到一个我命名的文件中,01-router-all.yaml这样在进行更改时我只需编辑一个文件)。我认为我遇到了竞争条件,因为在网络服务根据我的 .yaml 命名接口之前,dhcp 服务器服务就开始启动了。
如果有帮助的话,下面是我的工作/etc/netplan/01-router-all.yaml(我有点作弊并分配了公共 DNS,因为我仍然需要在我的计算机上设置 DNS 服务器):
network:
version: 2
renderer: networkd
ethernets:
# eno1 = wan1
eno1:
dhcp4: false
addresses: [192.168.1.8/24]
nameservers:
addresses: [9.9.9.9, 1.1.1.1]
search: []
# enp1s0 = lan
enp1s0:
dhcp4: false
addresses: [192.168.9.1/24]
nameservers:
addresses: [9.9.9.9, 1.1.1.1]
search: []